Progent's Ransomware Forensics Investigation and Reporting Services in St. Louis
Progent's ransomware forensics consultants can save the evidence of a ransomware assault and carry out a comprehensive forensics investigation without slowing down activity required for business resumption and data recovery. Your St. Louis business can utilize Progent's forensics documentation to counter future ransomware attacks, validate the recovery of encrypted data, and meet insurance carrier and regulatory reporting requirements.
Ransomware forensics investigation is aimed at tracking and describing the ransomware assault's storyline across the network from beginning to end. This audit trail of how a ransomware attack travelled through the network helps you to assess the impact and uncovers vulnerabilities in security policies or work habits that should be corrected to avoid later break-ins. Forensics is commonly given a top priority by the insurance carrier and is often mandated by government and industry regulations. Since forensic analysis can take time, it is critical that other important recovery processes such as operational continuity are executed in parallel. Progent has a large team of IT and cybersecurity professionals with the skills needed to perform the work of containment, operational continuity, and data restoration without interfering with forensics.
Ransomware forensics is complicated and requires close cooperation with the groups responsible for file cleanup and, if necessary, payment negotiation with the ransomware threat actor. Forensics can require the review of logs, registry, GPO, Active Directory (AD), DNS servers, routers, firewalls, scheduled tasks, and basic Windows systems to check for changes.
Services involved with forensics analysis include:
- Isolate all potentially affected devices from the network, but avoid shutting them off. This may involve closing all Remote Desktop Protocol (RDP) ports and Internet-connected NAS storage, changing admin credentials and user passwords, and implementing 2FA to secure your backups.
- Create forensically sound images of all exposed devices so the file recovery group can get started
- Save firewall, virtual private network, and additional critical logs as soon as possible
- Establish the kind of ransomware involved in the assault
- Inspect every machine and storage device on the network including cloud storage for indications of compromise
- Catalog all encrypted devices
- Determine the type of ransomware involved in the assault
- Study log activity and sessions to establish the timeline of the assault and to identify any potential lateral migration from the first compromised machine
- Identify the security gaps exploited to perpetrate the ransomware attack
- Search for the creation of executables associated with the original encrypted files or system breach
- Parse Outlook PST files
- Analyze email attachments
- Extract any URLs from messages and determine whether they are malicious
- Provide extensive attack documentation to meet your insurance carrier and compliance mandates
- Document recommendations to close cybersecurity vulnerabilities and improve processes that lower the exposure to a future ransomware exploit
Progent's Qualifications
Progent has delivered online and onsite network services across the United States for more than 20 years and has earned Microsoft's Gold Partner designation in the Datacenter and Cloud Productivity practice areas. Progent's team of subject matter experts (SMEs) includes professionals who have been awarded advanced certifications in foundation technologies including Cisco infrastructure, VMware virtualization, and popular Linux distros. Progent's cybersecurity consultants have earned prestigious certifications including CISA, CISSP, and CRISC. Progent also has expertise in financial management and ERP applications. This scope of expertise gives Progent the ability to salvage and integrate the surviving pieces of your information system following a ransomware intrusion and rebuild them quickly into a viable network. Progent has collaborated with leading insurance carriers including Chubb to help organizations recover from ransomware attacks.
Contact Progent about Ransomware Forensics Investigation Services in St. Louis
To learn more about ways Progent can assist your St. Louis organization with ransomware forensics investigation, call 1-800-462-8800 or visit Contact Progent.